package jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Scanner;
/**本类用于引入prepareStatement传输器，用来解决SQL注入问题 模拟登录*/
public class Demo02 {
    public static void main(String[] args) throws Exception {
        Class.forName("com.mysql.jdbc.Driver");
        String url="jdbc:mysql://localhost:3306/cgb2110";
        Connection c = DriverManager.getConnection(url, "root", "root");
        System.out.println("请输入账号:");
        Scanner scanner=new Scanner(System.in);
        String a=scanner.next();
        System.out.println("请输入密码:");
        String b=scanner.next();
        String sql = "select * from user where name=? and pwd=?";
        PreparedStatement p = c.prepareStatement(sql);
        p.setObject(1,a);
        p.setObject(2,b);
        ResultSet r = p.executeQuery();
        if(r.next()){
            System.out.println("欢迎回来");
        }else{
            System.out.println("登录失败");
        }
        r.close();
        p.close();
        c.close();
    }
}
